Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older ...

Vuln ID: CVE-2018-1000226

Published: 2018-08-20 20:29:01Z

Description: Cobbler (verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable) contains an Incorrect Access Control vulnerability in the XMLRPC API (/cobbler-api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appears to be exploitable via "network connectivity", taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931.
